Cybersecurity First Principles: Resilience.

Cybersecurity First Principles: resilience.

Show Notes

This is the fourth show in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles. The first show explained what first principles are in general and what the very first principle should be for any infosec program. The second show discussed zero trust. The third show covered intrusion kill chains. This show will cover resilience.

References:

"Chaos Engineering: Open-sourcing Netflix’s chaos generator, Chaos Monkey,” by Cloud_Freak, Medium, 8 September 2019, last visited 30 April 2020
“Congressional Report Slams OPM on Data Breach,” by Brian Krebs, KrebsOnSecurity, 7 September 2016, last visited 30 May 2020
“Compare and contrast business resilience vs. business continuity,” by Paul Kirvan, TechTarget, 29 January 2020, last visited 30 May 2020
"Cyber Resilience – Fundamentals for a Definition,” by Fredrik Björck, Martin Henkel, Stockholm University, Janis Stirna, Jelena Zdravkovic, Stockholm University, Article in Advances in Intelligent Systems and Computing, January 2015, last visited 30 April 2020
“EXPLORING THE EVOLUTION OF BUSINESS CONTINUITY MANAGEMENT,” by DENOVO Blog, 31 May 31 2018, last visited 30 May 2020
"Jon Snow’s Plan for the Battle of Winterfell Has a Crucial Flaw, But Is It Doomed?" By Ian Graber-Stiehl, Vulture.com, 26 April 2019, last visited 30 April 2020
"Partnering for Cyber Resilience,” by The World Economic Forum, 2012, Last Visited 30 April 2020
"Presidential Policy Directive 21: Critical Infrastructure Security and Resilience,” President Obama, 12 February 2013, last visited 30 April 2020
"The Maginot Line: France's Defensive Failure in World War II," by By Robert Wilde, ThoughtCo, 30 March 2018, last visited 30 April 2020
“Site Reliability Engineering: How Google Runs Production Systems,” By Betsy Beyer, Chris Jones, Jennifer Petoff, and Niall Richard Murphy, Google Landing Page, O’Reilly Media, 16 April 2016, last visited 2 September 2017
“Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use, ASIS SPC.1-2009” by ASIS International, 2009, last visited 30 May 2020
“Security and resilience — Organizational resilience — Principles and attributes: ISO 22316:2017(en),” by ISO, 2017, last visited 30 May 2020
“The Cybersecurity Canon: No Place to Hide (Part 1),” by Rick Howard, Palo Alto Networks, 15 July 2014, last visited 30 May 2020
“The Cybersecurity Canon: No Place to Hide (Part 2),” by Rick Howard, Palo Alto Networks, 16 July 2014, last visited 30 May 2020

HOST(S):

Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.

Schedule: Mondays (in season)

Credits: Edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound, and original score

Creator: CyberWire, Inc.